<?php
session_start();
//echo$_REQUEST['geist2'],'<br />+ ',getPasswordForUser($_REQUEST['geistu']);
//md5($_SESSION['geist1'].getPasswordForUser($_REQUEST['geistu']));

auth();

function auth(){
  $reset=' <a href="#" onclick="history.go(-2)">go back to the main page</a>';
  if(isset($_SESSION['geist1']) && isset($_REQUEST['geistu']) && isset($_REQUEST['geist2']) && isset($_REQUEST['url'])){
    if(md5($_SESSION['geist1'].getPasswordForUser($_REQUEST['geistu']))==$_REQUEST['geist2']){
      //echo'login';
      $_SESSION['auth']='tau';
      $_SESSION['user']=$_REQUEST['geistu'];
      unset($_SESSION['geist1']);
      header($_REQUEST['url']);
      exit;
    }
    else echo'login failed: incorrect user or password',$reset;
  }
  else echo'login failed: invalid session',$reset;
}

function getPasswordForUser($username){
// get password from a simple associative array
// but this could be easily rewritten to fetch user info from a real DB
$userdb=array(
"admin"=>"nimda",
"Marnix" =>"2012",
"Jeffrey"=>"passwd",
"cultuuradm"=>"CLT/tr3n");
  if(isset($userdb[$username])) return $userdb[$username];
  else return '';
}

/*
create table test(user varchar(100), password varchar(100));
insert into test(user,password) values('patrick', AES_ENCRYPT('password', 'mykey'));
select * from test where user = 'patrick';
update test set password = AES_ENCRYPT('new password', 'mykey') where user = 'patrick';
select AES_DECRYPT(password, 'mykey') from test where user = 'patrick';
 *
 *
 $mysqli=new mysqli('localhost','bnatwork','T7dHAzvWWStZzcC7','bnatwork');
 if($result=$mysqli->query("SELECT * FROM SiteMenu, TagMenu, PluginComponent WHERE menuSITE = (SELECT siteID FROM Site WHERE siteNAME = 'bnatwork') AND menuID = tmMENUID AND tmCOMPONENT = pcNAME ORDER BY menuINDEX, tmINDEX")){  //echo'For the state of AL, there are '.$result->num_rows.' cities.<br/>';
  while($row=$result->fetch_object()){
	if ($row->menuID != $compare_c){
		if($compare_c!=-1)
		{
		echo '</ul></div>';
		}

	echo '<div class="section"><h3>'. $row->menuNAME .'</h3><ul>';
	$compare_c = $row->menuID;
}*/

?>
